CLAIMS

1. A method for system security in distributed systems, said method comprising the steps of:

a) making authentic statements by trusted intermediaries;

b) deriving freshness constraints from initial policy assumptions and the authentic
statements; and

c) imposing freshness constraints employing authenticating principals to effect 
revocation. 

2. A method according to claim 1, wherein said step b) comprises the substep I) of
normalizing suffix constraints of the freshness constraint prior to applying other rules.

3. A method according to claim 2, wherein said substep I) comprises applying the
following axiom,

$\vdash (A \Rightarrow B\ \mathrm{notbefore}\ t_1\ \mathrm{notafter}\ t_2) \supset (((t_1 \le t_3) \wedge (t_4 \le t_2)) \supset (A \Rightarrow B\ \mathrm{notbefore}\ t_3\ \mathrm{notafter}\ t_4))$.



4. A method according to claim 1, wherein said step c) comprises specifying the time of
revocation.
5. A method according to claim 4, wherein said step c) includes trusting principals not to
lie when specifying the time of revocation certificates.

6. A method according to claim 5, wherein said step c) further comprises the substep I) of
arbitrarily bounding certain revocation by adjusting the freshness constraints. 
7. A method according to claim 6, wherein said substep I) comprises applying the
following axioms,

$\vdash (A \Rightarrow B\ \mathrm{notbefore}\ t_1\ \mathrm{notafter}\ t_2) \supset (((A\ \mathrm{says}\ s\ \mathrm{at}\ t_3) \wedge (t_1 \le t_{now}) \wedge (t_3 \le t_2)) \supset (B\ \mathrm{says}\ s\ \mathrm{at}\ t_3))$; and

$\vdash (A\ \mathrm{says}\ (B \Rightarrow A\ \mathrm{notbefore}\ t_1\ \mathrm{notafter}\ t_2)\ \mathrm{at}\ t_3) \supset (B \Rightarrow A\ \mathrm{notbefore}\ t_1\ \mathrm{notafter}\ t_2)$.

8. A method for enforcing revocation in distributed systems, said method comprising the
steps of: 

a) issuing one or more initial assertions by one or more distinguished principals;

b) asserting, by the distinguished principals, one or more principals with authority
for asserting a time stamped validity assertion pertaining to the validity of each initial
assertion;

c) asserting the time stamped validity assertion to none or more initial assertions
indicating their validity at the time of the time stamp;
d) asserting freshness constraints indicating a length of time and the initial
assertions that the freshness constraints relate; and

f) verifying that a relation $|t_{now} - t_{timestamp}| \le \delta$ is satisfied for each particular
assertion necessary for verification of a secure channel, where $t_{timestamp}$ is a time of a time
stamp pertaining to the validity assertion of a particular assertion, $\delta$ being a minimum
necessary freshness constraint pertaining to the particular assertion and $t_{now}$ being the time of
verification.



9. A method according to claim 8, wherein said steps a) and b) occur concurrently.



10. A method according to claim 8, wherein in said step a) the distinguished principals are
identification authorities.

11. A method according to claim 10, wherein said step a) includes issuing certificates, as 
initial assertions, by the identification authorities. 



12. A method according to claim 8, wherein said step a) further includes asserting a
validity of the initial assertions at the time of a time stamp employing a time stamp assertion.



13. A method according to claim 8, wherein said step d) includes asserting freshness
constraints within said step b). 
14. A method according to claim 8, wherein said step f) includes verifying the relation
using a verifier which is a distinguished principal. 

15. A method according to claim 8, wherein said step a) includes the substep of asserting,
by the initial assertions, one or more relationships to one or more of the distinguished
principals. 

16. A method according to claim 15, wherein one or more of the relationships include
asserting an employee relationship and asserting an identity of a person having the employee
relationship.

17. A method according to claim 8, wherein said step a) includes cryptographically
certifying the initial assertions using a key of one or more of the distinguished principals. 

18. A method according to claim 17, wherein in said step a) the distinguished principals
are identification authorities.

19. A method according to claim 8, wherein said step a) includes storing the initial 
assertions in a trusted storage system, the trusted storage system being trusted by other
principals as being an assertion by one or more of the distinguished principals. 
20. A method according to claim 8, wherein said step c) includes storing the time stamped
validity assertions in a trusted storage system, the trusted storage system being trusted by other
principals as being an assertion of one or more of the distinguished principals. 



21. A method according to claim 8, wherein said step c) includes issuing time stamped
certificates by the one or more authorities for asserting the time stamped validity assertions.



22. A method according to claim 8, further comprising the step of:

g) distributing the time stamped certificates to storage systems and communication
networks.

23. A method according to claim 22, wherein said step g) includes addressing the 
distribution of the time stamped certificates to one or more multicast addresses.

24. A method according to claim 22, wherein in said step g) distribution occurs at periodic
intervals. 



25. A method according to claim 8, wherein said step d) includes asserting the freshness
constraints within the initial assertions. 
26. A method according to claim 8, wherein said step d) includes asserting the freshness
constraints by a risk taker.

27. A method according to claim 26, wherein the risk taker is a verifier.
28. A method according to claim 8, wherein said step d) includes cryptographically
certifying the freshness constraint and the initial assertions using a signing key.

29. A method according to claim 8, wherein said step d) comprises the substep of storing 
the freshness constraint and the initial assertions in trusted storage systems trusted by other 
entities as being an assertion of the principals making the assertion. 

30. A method according to claim 8, wherein said step f) includes dynamically changing the
time of verification. 



31. A method for protecting an authority of one or more distinguished principals and
enforcing revocation when the authority is compromised, said method comprising the steps of:

a) issuing one or more initial assertions delegating authority by a first one of the
distinguished principals to a second one of the distinguished principals;

b) issuing one or more secondary assertions delegating authority by the second one 
of the distinguished principals to a third one of the distinguished principals;
c) repeating said step b) none or more times;

d) issuing one or more authoritative assertions by one or more of the distinguished
principals; 

e) asserting freshness constraints on assertions;

f) asserting a time stamped validity assertion to the assertions in said steps a)-e)
indicating the validity of the assertions in said steps a)-e) at the time of the time stamp;

g) verifying that a relation $|t_{now} - t_{timestamp}| \le \delta$ is satisfied for each particular
assertion necessary for verification of a secure channel, where $t_{timestamp}$ being the time of a time
stamp pertaining to the validity assertion of the particular assertion, $\delta$ being the minimum
necessary freshness constraint pertaining to the particular assertion, and $t_{now}$ being the time of
verification.

32. A method according to claim 28, wherein said step d) further comprises including an
assertion on behalf of a parent distinguished principal due to the delegated authority obtained
by said steps a)-c), and wherein said step e) further comprises making a freshness constraint in
assertions made by a child distinguished principal in said steps a)-d) more restrictive than
freshness constraints made by the parent distinguished principal.
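An added example, not part of the patent, that carries out the verification relation of claims 8 and 31 over a delegation chain together with the claim 32 rule that a child's freshness constraint is more restrictive than its parent's. The Assertion fields, the sample names and the verify() API are assumptions of this example, and the minimum necessary δ for an assertion is taken as the tightest constraint along its chain.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed model of the claims' scheme: the Assertion fields, the sample names and
# the verify() API are this example's own assumptions, not the patent's.

@dataclass(frozen=True)
class Assertion:
    issuer: str                   # distinguished principal making the assertion
    freshness: int                # freshness constraint delta (seconds) asserted for it
    parent: Optional[str] = None  # assertion whose delegated authority it relies on

def relation_holds(t_now: int, t_timestamp: int, delta: int) -> bool:
    """The claims' verification relation |t_now - t_timestamp| <= delta."""
    return abs(t_now - t_timestamp) <= delta

def effective_delta(name: str, assertions: Dict[str, Assertion]) -> int:
    """Minimum necessary freshness constraint: the tightest one along the delegation chain."""
    delta, parent = assertions[name].freshness, assertions[name].parent
    while parent is not None:
        delta = min(delta, assertions[parent].freshness)
        parent = assertions[parent].parent
    return delta

def verify(name: str, assertions: Dict[str, Assertion],
           stamps: Dict[str, int], t_now: int) -> Tuple[bool, str]:
    """Check `name` and every assertion in its delegation chain at verification time t_now.
    stamps holds the latest time stamped validity assertion per assertion; revocation takes
    effect simply because the authority stops re-stamping and delta elapses."""
    cur: Optional[str] = name
    while cur is not None:
        a = assertions[cur]
        # claim 32: a child's freshness constraint must be more restrictive than its parent's
        if a.parent is not None and a.freshness >= assertions[a.parent].freshness:
            return False, f"{cur}: child freshness constraint not more restrictive than parent"
        if cur not in stamps:
            return False, f"{cur}: no time stamped validity assertion"
        if not relation_holds(t_now, stamps[cur], effective_delta(cur, assertions)):
            return False, f"{cur}: validity time stamp too old (stale or revoked)"
        cur = a.parent
    return True, "fresh"

# Constructed sample: an identification authority delegates to an organization, which
# delegates to HR, which issues an employee certificate; all stamped valid at t = 1000.
ASSERTIONS = {
    "ia-delegates-org": Assertion("IA", 3600),
    "org-delegates-hr": Assertion("Org", 1800, parent="ia-delegates-org"),
    "alice-cert": Assertion("HR", 600, parent="org-delegates-hr"),
}
STAMPS = {"ia-delegates-org": 1000, "org-delegates-hr": 1000, "alice-cert": 1000}
```

At t_now = 1500 the whole chain verifies; at t_now = 1700 the employee certificate fails because its 600 s constraint has elapsed since the last validity stamp, even though the parent delegations are still fresh.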

33. A method according to claim 31, wherein said steps a) and f) are performed
concurrently.
34. A method according to claim 31, wherein said steps b) and f) are performed

concurrently. 

35. A method according to claim 31, wherein said steps d) and f) are performed
concurrently. 

36. A method according to claim 31, wherein inputs to the one or more principals are off-
line.



37. A method for issuing certificates in a system for enforcing revocation in distributed 
systems, said method comprising the steps of:

a) designating a policy authority for dictating policy to subordinates;

b) asserting an organization subject to a policy of a policy authority; 

c) issuing certificates for subordinate principals within the organization by the
organization; 

d) asserting, by the organization, a principal authorized as an authority for issuing
time stamped certificates;

e) delegating authority for issuing time stamped certificates;



f) asserting freshness constraints on assertions; and

g) verifying that a relation $|t_{now} - t_{timestamp}| \le \delta$ is satisfied for each particular
assertion necessary for verification of a secure channel, where $t_{timestamp}$ being a time of a time
stamp pertaining to the validity assertion of a particular assertion, $\delta$ being a minimum
necessary freshness constraint pertaining to the particular assertion and $t_{now}$ being the time of
verification.

38. A method according to claim 37, further including storing the assertions, time stamp 
and reference in a replicated directory having varying levels of persistent storage.

39. A method according to claim 38, wherein the replicating directory includes frequently 
replicating information in a high level directory, often replicating information in a medium
level directory and infrequently replicating information in a low level directory. 

40. A method according to claim 39, further including replicating time stamped assertions
in the high level directory, repeating the time stamped assertions and delegation assertions in
the medium level directory, and replicating the time stamped assertions, the delegation
assertions and identification assertions in the low level directory. 



41. A method according to claim 38, further including storing each assertion in a trusted
storage system being trusted by other principals as being an assertion by one or more
distinguished principals. 
42. A method according to claim 38, further including cryptographically certifying the
... one or more of the distinguished principals.



43. A method for system security in a distributed system network, comprising the steps of: 

a) receiving a policy in the distributed system network;

b) preparing an initial statement in the distributed system network in response to said policy; 

c) preparing a second statement of an assigned revocation authority in the distributed system 
network in response to said policy, said second statement being associated with said initial
statement; 

d) preparing a third statement of a freshness constraint period in the distributed system network 
in response to said policy, said third statement being associated with said initial statement;



e) preparing a validity statement at said assigned revocation authority in the distributed system
network in response to said policy, said validity statement including a verification status at
some temporal reference;
f) providing said initial statement, said second statement, said third statement, and said validity
statement to a verification authority in the distributed system network; and

g) selectively verifying said initial statement at said verification authority in response to said
initial statement, said second statement, said third statement, and said validity statement.



44. A method according to claim 43, wherein any of the initial statement, said second and third 
statements, and said validity statement has an "expiration date" and/or "not valid before" date.

45. A method according to claim 43, wherein any combination of said initial statement, said 
second statement, and said third statement occurs concurrently. 

46. A method according to claim 43, wherein the assigned revocation authority is an entity
making the initial statement in step b).



47. A method for system security in a distributed system network, comprising the steps of:



a) receiving a first term policy in the distributed system network; 
b) preparing an initial statement in the distributed system network in response to said first term
policy; 

c) preparing a second statement of an assigned revocation authority pointer in the distributed
system network in response to said first term policy, said second statement being associated
with said initial statement; 


d) preparing a third statement delegating a freshness constraint period to said assigned
revocation authority pointer in the distributed system network in response to said first term
policy;

e) providing a medium term policy to said revocation authority pointer in the distributed
system network;



f) preparing a fourth statement of a medium term delegation at said revocation authority pointer
in response to said medium term policy, said medium term delegation naming an assigned
revocation authority;



g) preparing a fifth statement of a particular freshness constraint period at said revocation
authority pointer in response to said medium term policy;
h) providing a third term policy to said revocation authority in the distributed system network;



i) preparing a validity statement at said assigned revocation authority in the distributed system
network in response to said third term policy, said validity statement including a verification
status at some temporal reference;

j) providing said initial statement, said second, third, fourth, and fifth statements, and said
validity statement to a verification authority in the distributed system network; and



k) selectively verifying said initial statement at said verification authority in response to said 
initial statement, said second, third, fourth, and fifth statements, and said validity statement.




48. A method according to claim 47, wherein any of the initial statement, said second, third,
fourth, and fifth statements, and said validity statement has an "expiration date" and/or "not
valid before" date.



49. A method according to claim 47, wherein any combination of said initial statement, said
second statement, and said third statement occurs concurrently.
50. A method according to claim 47, wherein said fourth statement and said fifth statement
occur concurrently.

51. A method according to claim 47, wherein the assigned revocation authority pointer is an
entity making the initial statement in step b).